Bouclier v0.1.0 — The On-Chain Trust Layer for AI Agents is Open Source

[incyashraj]

Hey everyone 👋

I'm Yashraj (student at NTU Singapore). Over the last several weeks I've been building something that I think the space genuinely needs: an on-chain trust layer for autonomous AI agents.

Today I'm releasing Bouclier v0.1.0, open source, MIT. I'd love feedback, co-builders, and anyone who wants to help push it toward becoming an ERC standard.

---

The Problem,

AI agents are already controlling wallets, executing DeFi trades, and managing DAO treasuries on-chain. Today there are over 17,000 active agents operating on EVM-compatible chains.

None of them have a standard answer to:
What is this agent authorised to do?
How much can it spend, per day, per transaction?
Can I revoke it instantly if something goes wrong?
Is there a tamper-proof audit trail of everything it did?

This isn't hypothetical. Agents with approve(MAX_UINT256) + no revocation mechanism + no spend cap = a loaded gun with no safety.

---

What Bouclier Is

Think of it as OAuth + IAM for AI agents on blockchain.

Instead of giving an agent unlimited wallet access, you issue it a cryptographically-scoped permission grant:

Agent XYZ is allowed to:
  - Call: Uniswap v3 and Aave v3 only
  - Spend: max $500/tx, max $2,000/day
  - Tokens: USDC, ETH, WBTC only
  - Time: Weekdays 08:00–20:00 UTC
  - Expiry: 90 days
  - Revocable: Instantly

This scope is signed by the owner (EIP-712), stored on-chain, and enforced by an ERC-7579 validator module that hooks into the ERC-4337 validateUserOp pipeline. Every UserOp from the agent is checked against these constraints before execution.

---

What's Actually Built (v0.1.0)

9 Solidity contracts — 5 core + SessionKeyManager + EIP7702Adapter + ERC6900Adapter + FeeCollector, all source-verified on Base Sepolia
143 unit + integration + invariant tests
Certora Prover formal verification — 15 rules, 0 violations
Echidna fuzz testing — 10M iterations, 0 violations
Slither + Mythril static analysis — 0 open findings
TypeScript SDK (@bouclier/sdk)
Python SDK (bouclier-sdk)
LangChain integration (@bouclier/langchain)
Coinbase AgentKit integration (@bouclier/agentkit)
ELIZA/ElizaOS plugin (@bouclier/eliza-plugin)
The Graph subgraph — live, indexed, queryable
Dashboard at bouclier.eth.limo with agent management, audit explorer, and permission UI
EIP draft — IAgentPermissionValidator standard for ERC-7579 validator modules

---

The EIP

I've drafted a full EIP proposing IAgentPermissionValidator as an ERC-7579 validator module standard for AI agent permission enforcement.

The core interface is minimal and composable:

interface IAgentPermissionValidator {
    function grantPermission(bytes32 agentId, PermissionScope calldata scope, bytes calldata ownerSignature) external;
    function revokePermission(bytes32 agentId) external;
    function validateUserOp(PackedUserOperation calldata userOp, bytes32 userOpHash) external returns (uint256);
    function getActiveScope(bytes32 agentId) external view returns (PermissionScope memory);
    function hasActivePermission(bytes32 agentId) external view returns (bool);
}

Any ERC-7579-compatible account (Safe{Core}, Kernel, Biconomy Nexus, ZeroDev) can install this as a validator module and get agent permission enforcement without modifying their account contract.

I'm planning to formally submit this to the ethereum/EIPs repo and to post on Ethereum Magicians for feedback. If anyone on the ERC-7579 team or modular account builders (Biconomy, ZeroDev, Alchemy) wants to weigh in on the interface design, I'd genuinely love that conversation.

---

Open for,

Feedback on the EIP interface — Does the PermissionScope struct cover the right cases? Is the violation type string registry approach correct? Should daily caps use a SpendTracker external module or inline accounting?

People who build with agent frameworks — If you're building with LangChain, ELIZA, or AgentKit and have opinions on what the BouclierCallbackHandler should expose, I want to hear it.

Anyone who wants to co-build — The main thing missing is a third-party audit (targeting Trail of Bits or OZ). I'm looking for co-builders or angels who believe in this becoming a standard.

Critique — If you see a security flaw, a design mistake, or a better approach, say it. The whole point of open-source is that you catch things.

---

Quick Links

• Platform: bouclier.eth.limo
• GitHub: github.com/incyashraj/bouclier
• Contracts: Base Sepolia verified
• Subgraph: Studio query endpoint
• EIP Draft: docs/eip-draft-agent-permission-validator.md
• Bugs: Security Advisories

---

Built with: Foundry · ERC-7579 · ERC-4337 · Base L2 · The Graph · LangChain · Coinbase AgentKit · ELIZA · Certora Prover · Echidna

---

If you made it this far: thanks for reading. AI agents controlling real money with no cryptographic constraints is not a hypothetical future problem, it's happening today. I think this standard can fix it. Let's build it together.

— Yashraj